
7203 matches found

securityvulns
added 2007/10/12 12:00 a.m. | 29 views

Several vulnerabilities in CMS Made Simple 1.1.3.1

Hi, There are several security bugs in CMS Made Simple 1.1.3.1: I am not going to release dangerous and exploitable info here. (1) There is a highly dangerous PHP code execution bug in the script. (2) A registered user can access unauthorized pages. For example he can upload files to the server, or...

0.1 AI score
Exploits: 0

Exploit DB
added 2007/10/11 12:00 a.m. | 41 views

PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion

PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny n00b-firends: Pucik and Steryd ; FUN B...

7.4 AI score
Exploits: 0

NVD
added 2007/10/09 9:17 p.m. | 10 views

CVE-2007-5315

PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbumdir parameter...

6.8 CVSS | 7.5 AI score | 0.61872 EPSS
Exploits: 1 | References: 5

NVD
added 2007/10/09 9:17 p.m. | 9 views

CVE-2007-5314

PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter...

6.8 CVSS | 7.5 AI score | 0.06871 EPSS
Exploits: 0 | References: 5

Cvelist
added 2007/10/09 9:00 p.m. | 13 views

CVE-2007-5315

PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbumdir parameter...

7.5 AI score | 0.61872 EPSS
Exploits: 1 | References: 5

NVD
added 2007/10/09 6:17 p.m. | 14 views

CVE-2007-5294

PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...

6.8 CVSS | 7.4 AI score | 0.07128 EPSS
Exploits: 0 | References: 6

NVD
added 2007/10/09 6:17 p.m. | 16 views

CVE-2007-5307

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...

7.5 CVSS | 7.2 AI score | 0.03713 EPSS
Exploits: 1 | References: 4

Prion
added 2007/10/09 6:17 p.m. | 32 views

Command injection

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...

7.5 CVSS | 7.4 AI score | 0.04782 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2007/10/09 6:00 p.m. | 53 views

CVE-2007-5307

Technical details about CVE-2007-5307 are not publicly available in the provided connected documents. Please monitor for updates on affected software, impact and remediation.

7.5 CVSS | 7.2 AI score | 0.03713 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2007/10/09 6:00 p.m. | 21 views

CVE-2007-5307

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...

7.2 AI score | 0.03713 EPSS
Exploits: 1 | References: 4

seebug.org
added 2007/10/09 12:00 a.m. | 13 views

LightBlog 8.4.1.1 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " LightBlog 8.4.1.1 Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php ".$argv0." Host...

7.1 AI score
Exploits: 0

Cvelist
added 2007/10/03 2:00 p.m. | 11 views

CVE-2007-5178

contrib/mxglancesdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter...

7.6 AI score | 0.14893 EPSS
Exploits: 1 | References: 8

CVE
added 2007/10/03 2:00 p.m. | 138 views

CVE-2007-5178

The CVE describes a vulnerability in the mx_glance 2.3.3 module for mxBB where a missing delimiter inside a security check placed within a comment enables remote file inclusion (RFI) and arbitrary PHP code execution via a URL in the mx_root_path parameter. Affected software is mx_glance 2.3.3 for...

6.8 CVSS | 7.6 AI score | 0.14893 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

NVD
added 2007/10/01 5:17 a.m. | 7 views

CVE-2007-5167

PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nomrepsysteme parameter...

6.8 CVSS | 7.5 AI score | 0.0062 EPSS
Exploits: 1 | References: 1

Prion
added 2007/10/01 5:17 a.m. | 15 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct...

6.8 CVSS | 7.7 AI score | 0.0086 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2007/10/01 5:17 a.m. | 14 views

Design/Logic Flaw

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...

7.5 CVSS | 7.5 AI score | 0.49675 EPSS
Exploits: 2 | References: 19 | Affected Software: 4

Prion
added 2007/09/28 9:17 p.m. | 8 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/archive/archivetopic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

6.8 CVSS | 8 AI score | 0.05946 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2007/09/26 11:17 p.m. | 10 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion 42VV10 in contenidohacks in Mods 4 Xoops Contenido eZ publish pdf4cms allow remote attackers to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) mainupl.php, (2) mainconeditside.php, (3)...

7.5 CVSS | 8.2 AI score | 0.00662 EPSS
Exploits: 1 | References: 2

Cvelist
added 2007/09/26 11:00 p.m. | 13 views

CVE-2007-5115

Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion 42VV10 in contenidohacks in Mods 4 Xoops Contenido eZ publish pdf4cms allow remote attackers to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) mainupl.php, (2) mainconeditside.php, (3)...

7.7 AI score | 0.00662 EPSS
Exploits: 1 | References: 2

Cvelist
added 2007/09/26 11:00 p.m. | 13 views

CVE-2007-5114

PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmprelpath parameter. NOTE: this issue is disputed by CVE because the applicable require_once is in a function that is...

7.5 AI score | 0.0086 EPSS
Exploits: 1 | References: 2